As a globally oriented conference, we are proud to host the most diverse perspectives. Jeremy Thompson, who oversees the development of Huawei’s business in Europe with a focus on security, brings a particular breadth to the conference. His responsibilities include aligning Huawei’s strategic development activities and security capabilities with key customers and European Governments. This interview between Samir Aliyev, CEO and Founder of the Swiss Cyber Institute, and Jeremy, however, is primarily about the red-hot topic of 5G security.
5G is a lot more than just faster connections. What is so different, and how does it contribute to driving business transformation?
While 4G was all about enabling applications on smart phones, 5G is about connected devices (sometimes called the Internet of Things) and new B2B/B2C business models. The number of devices that can be connected is significantly larger. Improved latency, lower power consumption and assured quality by network slicing lead to many new use cases.
Big Data transmission and computing combined with low latency open a new era of remote control of many devices with a high degree of automation, thus protecting resources. Devices and connectivity can be managed more efficiently and economically, enabling businesses to reduce their environmental footprint.
The technological evolution of 5G allows on-site networks, so called Multi-Access Edge Computing campuses or solutions. Companies can thus operate their own, independent network with maximum security end-to-end for a variety of new use cases.
Thanks to years of close collaboration between the private and public sector, innovative security standards were developed and agreed that make 5G more secure than previous network technologies.
What are typical examples of sustainability and security in context with new use cases in 5G?
Remote surgeries in healthcare, as well as anything that makes industries like agriculture, mining, logistics or manufacturing smart, will benefit from 5G or the concomitant Internet of Things.
A concrete example is the East-West Gate Intermodal Terminal (EWG) in Hungary. As Europe’s largest intelligent multimodal rail hub, it is the first rail port in Europe to use a private 5G network for high-tech operations. With low latency, high uplink bandwidth for camera images and a high 99.99% reliability, all cranes can be controlled remotely from one control room. The 3D terminal management software is in contact with the customers online, collects and processes the data from all subsystems and tracks the status of the containers in real time with 3D visualization.
The advantages: High reliability and stability of Automated Guided Vehicles (AGV), which was not possible with previous technologies or WIFI. A significant part of the process is unmanned and automated, which considerably reduces costs. Protecting employees from working in hazardous environments brings a huge improvement in Environmental Health and Safety (EHS). More efficient processes, less need for human labor and battery powered Automated Guided Vehicles (AGVs) result in a massive reduction in carbon emissions compared to the same process steps in previous logistics hubs. (https://www.porttechnology.org/news/europes-largest-intermodal-5g-terminal-opens-in-hungary/)
5G is creating a new environment with billions of connected devices. What are the main risks associated to 5G?
5G is significantly more secure than previous networks. But we need to be prepared for new attack vectors.
It will be crucial to protect the many small, low-cost devices on the networks for a long time. Such devices may be supplied by many different vendors. Some of them probably do not apply minimum security standards, nor do they go through a certification process that is consistent with network device security programs. And in the long run, proper vulnerability management could be an additional risk.
The protection of sensitive data must go hand in hand with highly secure access management for users.
Private 5G networks supporting specific organizations or verticals require special attention. IT specialists and CISOs need additional training and/or professional support in evaluating and procuring appropriate and standard secured hardware and software to properly integrate them into the network environment and operate them throughout their lifecycle using best practices.
What are the key stakeholders doing to secure this new technology for growth?
Operators have significantly improved their security organizations and capabilities in line with the new threats and government requirements. Best practices and international standards such as GSMA, NESAS, SCAS are essential. Recently, a Swiss network operator published a white paper on 5G security, putting the GSMA 5G Cybersecurity Knowledge Base (5G CKB) at the heart of its network resilience. Vendors have more effectively integrated security by design into new products, and new security principles such as zero trust are now widely accepted and applied.
Vulnerability management and knowledge sharing have improved for the protection of platforms in operation.
Standardization institutions have reached a new level of maturity providing comprehensive guidance to manufacturers, industries, and regulators, such as the GSMA 5G CKB.
However, there is still a lack of awareness and potential for improvement in terms of customer capabilities when it comes to B2B or B2C solutions.
Mobile applications have become integral to our lives and are strategically important for all businesses. With this increasing reliance on mobile networks and apps, are companies doing enough to provide a safe and secure user experience?
I cannot speak for the whole industry and I am sure there are still gaps between small app developers and large software developers. However, the consensus is of the same for hardware manufacturers: apply security and privacy by design and default principles, apply industry best practices and make your product design transparent and verifiable.
In addition to this, end users also play an important role when it comes to apps and their security – use them consciously, provide feedback if you come across potential threats, regularly update the latest software version.
Adding emerging technology to legacy IT increases the complexity of an organization’s digital environment. What key elements are required to balance the value of new technology with the potential for increased cyber risk that comes with it?
Continuously evolving Security Orchestration and Automated Response solutions will play an ever more important role to support experts and users to keep an oversight. Beyond this, continuous learning, a proper network design, as well as asset-, lifecycle and vulnerability management are fundamental requirements to meet the increasing cyber risks.